With the shocking news on September 22, 2016 that Yahoo finally admitted to a widespread data breach involving some 500 million user accounts, it is time for everyone to take data and account security very seriously.
Most of our online accounts are registered using an email address, and if you happen to use Yahoo email, chances are that your account is among those breached.
“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.
Yahoo has joined LinkedIn and Dropbox on the list of popular websites that were recently compromised, probably with the biggest number of accounts stolen (estimated at 500 million). The LinkedIn breach involved some 117 million accounts, while Dropbox had 68 million accounts and passwords leaked.
Just before the May 2016 Philippine presidential elections, the COMELEC voter information website was also hacked, and data on 55 million Filipino voters was leaked publicly. The leak included sensitive personal information such as biometric data and fingerprints, dates of birth, email addresses, family members’ names, genders, job titles, marital statuses, names, passport numbers, phone numbers, physical addresses and physical attributes. The breach, however, included only 228,000 email addresses.
How can you check whether your email account has been breached or, worse, posted somewhere? Troy Hunt (@troyhunt), Microsoft Regional Director and MVP for Developer Security, has developed a website which checks various online databases of leaked accounts.
HAVEIBEENPWNED.COM allows you to check whether your email account has been compromised in a data breach. If your account is part of a leak, it tells you the source of the data breach.
What to do if your email account is compromised?
Securing your account should be a top priority. The steps below can help you start securing your accounts, preventing unscrupulous individuals from taking advantage of your sensitive personal information and helping you avoid credit card fraud, identity theft and other malicious and illegal activities.
- Change your password ASAP.
- Create a strong password that is unique for each account. It should be a mix of letters, numbers and symbols. Check here for a guideline on creating strong passwords.
- Never share your password with anyone.
- Change your passwords regularly.
- Set up 2-step verification for your email accounts. Popular email providers like Gmail and Yahoo have 2-step verification features that act as extra security protection. Every time you sign in from an unrecognized device or computer, you’ll be asked to enter the verification code that is sent to your mobile number.
- Maintain at least 2 email accounts. Use one for online accounts such as social media, gaming, subscriptions and other public websites, and use the other only for private or personal purposes like online banking, credit card statements and other sites which require you to maintain sensitive personal information.
- Minimize, if not avoid, using public Wi-Fi to access accounts associated with sensitive information.
- Be mindful of fake sites and other unsecured sites that may infect your computer or mobile devices with viruses and malware, which can compromise not just your email account but all of your data.
- Do not open emails and attachments from unknown people or sources. Be mindful of social engineering tactics which are aimed at harvesting sensitive personal information.
- If you are engaged in a business, or employed, never use your business or company email to create social media accounts and to subscribe to online newsletters and publications.
Data security should be everyone’s concern. Awareness is key to ensuring your accounts and sensitive personal information are safe. If you suspect that your account is compromised, follow the steps above.